CVE-2007-0473
5.5 Medium
AI Score
Confidence
Low
1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
14.9%
The writeFile function in core/smb4kfileio.cpp in Smb4K before 0.8.0 does not preserve /etc/sudoers permissions across modifications, which allows local users to obtain sensitive information (/etc/sudoers contents) by reading this file.
| CPE | Name | Operator | Version |
|---|---|---|---|
| smb4k:smb4k | smb4k | eq | 0.7 |
| smb4k:smb4k | smb4k | eq | 0.4 |
| smb4k:smb4k | smb4k | eq | 0.6 |
| smb4k:smb4k | smb4k | eq | 0.5 |
References
developer.berlios.de/bugs/?func=detailbug&bug_id=9630&group_id=769
developer.berlios.de/project/shownotes.php?release_id=11706
developer.berlios.de/project/shownotes.php?release_id=11902
developer.berlios.de/project/shownotes.php?release_id=9777
lists.suse.com/archive/suse-security-announce/2007-Jan/0015.html
secunia.com/advisories/23937
secunia.com/advisories/23984
secunia.com/advisories/24111
secunia.com/advisories/24469
www.gentoo.org/security/en/glsa/glsa-200703-09.xml
www.mandriva.com/security/advisories?name=MDKSA-2007:042
www.securityfocus.com/bid/22299
www.vupen.com/english/advisories/2007/0393
lists.berlios.de/pipermail/smb4k-announce/2006-December/000037.html
Related
5.5 Medium
AI Score
Confidence
Low
1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
14.9%